Tor

Tor is an encrypted anonymising network that makes it harder to intercept internet communications, or see where communications are coming from or going to.

In order to use the WikiLeaks public submission system as detailed above you can download the Tor Browser Bundle, which is a Firefox-like browser available for Windows, Mac OS X and GNU/Linux and pre-configured to connect using the anonymising system Tor.

Tails

If you are at high risk and you have the capacity to do so, you can also access the submission system through a secure operating system called Tails. Tails is an operating system launched from a USB stick or a DVD that aim to leaves no traces when the computer is shut down after use and automatically routes your internet traffic through Tor. Tails will require you to have either a USB stick or a DVD at least 4GB big and a laptop or desktop computer.

Tips

Our submission system works hard to preserve your anonymity, but we recommend you also take some of your own precautions. Please review these basic guidelines.

1. Contact us if you have specific problems

If you have a very large submission, or a submission with a complex format, or are a high-risk source, please contact us. In our experience it is always possible to find a custom solution for even the most seemingly difficult situations.

2. What computer to use

If the computer you are uploading from could subsequently be audited in an investigation, consider using a computer that is not easily tied to you. Technical users can also use Tails to help ensure you do not leave any records of your submission on the computer.

3. Do not talk about your submission to others

If you have any issues talk to WikiLeaks. We are the global experts in source protection – it is a complex field. Even those who mean well often do not have the experience or expertise to advise properly. This includes other media organisations.

After

1. Do not talk about your submission to others

If you have any issues talk to WikiLeaks. We are the global experts in source protection – it is a complex field. Even those who mean well often do not have the experience or expertise to advise properly. This includes other media organisations.

2. Act normal

If you are a high-risk source, avoid saying anything or doing anything after submitting which might promote suspicion. In particular, you should try to stick to your normal routine and behaviour.

3. Remove traces of your submission

If you are a high-risk source and the computer you prepared your submission on, or uploaded it from, could subsequently be audited in an investigation, we recommend that you format and dispose of the computer hard drive and any other storage media you used.

In particular, hard drives retain data after formatting which may be visible to a digital forensics team and flash media (USB sticks, memory cards and SSD drives) retain data even after a secure erasure. If you used flash media to store sensitive data, it is important to destroy the media.

If you do this and are a high-risk source you should make sure there are no traces of the clean-up, since such traces themselves may draw suspicion.

4. If you face legal action

If a legal action is brought against you as a result of your submission, there are organisations that may help you. The Courage Foundation is an international organisation dedicated to the protection of journalistic sources. You can find more details at https://www.couragefound.org.

Submit documents to WikiLeaks

WikiLeaks publishes documents of political or historical importance that are censored or otherwise suppressed. We specialise in strategic global publishing and large archives.

The following is the address of our secure site where you can anonymously upload your documents to WikiLeaks editors. You can only access this submissions system through Tor. (See our Tor tab for more information.) We also advise you to read our tips for sources before submitting.

wlupld3ptjvsgwqw.onion

Copy this address into your Tor browser. Advanced users, if they wish, can also add a further layer of encryption to their submission using our public PGP key.

If you cannot use Tor, or your submission is very large, or you have specific requirements, WikiLeaks provides several alternative methods. Contact us to discuss how to proceed.

The Syria Files

Thursday 5 July 2012, WikiLeaks began publishing the Syria Files – more than two million emails from Syrian political figures, ministries and associated companies, dating from August 2006 to March 2012. This extraordinary data set derives from 680 Syria-related entities or domain names, including those of the Ministries of Presidential Affairs, Foreign Affairs, Finance, Information, Transport and Culture. At this time Syria is undergoing a violent internal conflict that has killed between 6,000 and 15,000 people in the last 18 months. The Syria Files shine a light on the inner workings of the Syrian government and economy, but they also reveal how the West and Western companies say one thing and do another.

Introduction
Scope of Work in this document
* Provide feasibility study to create phase 1 GSN virtual infrastructure.
Scope of Work to be Excluded
* Low level configuration design.
* Required software and hardware
Assumptions
* PDN infrastructure is robust network infrastructure that can connect all the required parties
* PDN can provide secure communication paths using MPLS VPN to enable government secure collaboration
* PDN infrastructure can provide bandwidth variation based on agencies requirements
* PDN Flexibility to provide ease of redefining the customer network topology
* PDN Scalability to easily adapts to growth in complexity and volume in the customer's network
* PDN can provide Quality of Service to support of different Guaranteed Classes of Services depending on customer applications requirements
* PDN Availability & Reliability
Executive Summary
This study is to provide detailed idea about creating phase 1 GSN virtual infrastructure using the current PDN infrastructure that is owned by the Syrian government, the virtual GSN infrastructure should be a service dedicated to provide a value-for-money and a fully managed telecommunications solution to public sector organizations and their private sector partners.

The GSN should provide a secure route for electronic communications between connected organizations, and onward secure communication to other networks when required. Organizations can also choose between different types of connection depending on their needs.

Phase 1 GSN virtual infrastructure Objectives
The main role of phase 1 GSN infrastructure is to enable the implementation of individual e-government services by ministries and other government agencies by utilizing the current PDN infrastructure and defining common standards and agencies types which these agencies can use to be part of the GSN.

Based on that defined roles; the following objectives for this phase should provide the following:
* Intranet VPN - The capability to interconnect all remotely located sites into an secured Intranet
* Any-to-any connectivity - The ability to create an efficient fully meshed network providing any-to-any communication among sites
* The capability for Interoperability to ease transactions that are conducted between deferent government agencies.
* A unified secure network that connects all government agencies with single point of operation and management to reduce current cost paid by agencies to maintain their local networks.
* Capability to support provisioning and management.

GSN Phase 1 Solution Overview
The Current PDN network
15119351000760The current PDN IP Connect services is based on Virtual Private Networks and MPLS, which allow the connected government agencies with locations spread wide in Syria to connect and transfer data in a private and secure way over reliable robust MPLS infrastructure. Each government agency has its own VPN cloud inside the main PDN cloud. The client VPN cloud enables the multiple sites to interconnect with the main site and there is a possibility to configure a full mesh cloud for the client if required.

Figure 1 PDN VPN
Proposed GSN Phase 1 infrastructure
The proposed solution for this phase is to build a virtual infrastructure based on the current PDN using VPN technology, the new GSN VPN cloud will provide shared bus as a central platform for deferent government agencies to provide electronic services and transactions, also to provide secure customized connections between government agencies for information exchange and database queries.
Each government VPN cloud will have a GSN entry point to the GSN cloud with separate physical lines controlled by best practices for security policies and procedures. The GSN entry point should meet minimum requirements from hardware and configuration perspective in order to allow connections in and out the government agency VPN cloud maintaining the required security levels for data transactions.

Figure 2 GSN Diagram

Connections Categories
Government to Government (G2G)
The G2G category focuses on the government connections such as:
* Government Agency employees and departments require high-security access to government services, privilege-based authorization, and special customized services tailored to the G2G community.
* Government Service Bus (GSB) that will provide e-Services provided by the government agencies between each other.
* Government user access to their own E-Government Application Services across the GSN if the application servers are located in a separate data centre
Government to People (G2P)
* This category focuses more into the connections between government published services with private service providers which provide integrated services to the e-Gov framework such as SMS providers, IVR/contact centre providers...etc. The GSN in this case shall provide a secure interface between private service providers and the GSB Service Provision Gateway hosted inside the PDN.

Government Agencies Types
* Type A: government agency which publish services to be used with G2G or G2P
* Type B: large government agency which does not publish services to be used with G2G or G2P
* Type C: regular government agency which does not publish services to be used with G2G or G2P
* Type D: small government agency which does not publish services to be used with G2G or G2P
Categorizing the agencies into types will help the GSN team to put their standards for the minimum hardware and configuration and force each agency to use in order to provide quality service.
Recommendations for the GSN administration
The GSN administration team should be able to do the following in order to make the GSN a healthy and secure infrastructure to help the government agencies to provide quality service per to G2G business and G2P business. The team should be able to build and modify GSN infrastructure to meet any upcoming needs for the government, the team should be a group of highly educated consultants and able to provide consulting services to government agencies in Syria. The consultancy services can be divided into the following:
* Assessment:
* Assess the readiness and maturity of government agencies from various perspectives including Strategy, Business Process, Organizational Structure and IT.
* Provide an assessment report of findings and recommendations.
* e-Government Transformation Strategic Plan Development
* Analyze and document current infrastructure
* Develop target infrastructure
* Produce infrastructure High level design
* Develop infrastructure roadmap